Enabling Presto Application Queries for All LDAP Users or Groups for Permissions
Presto queries the User Repository for user groups and users to enable you and other users to assign permissions for Presto resources. To enable these queries you set properties in the Admin Console:
1. If needed, log into Presto Hub and click Admin Console in the main menu. 2. Expand Presto Repositories and click User Repository - LDAP.
3. Click Advanced Options.
4. To enable queries for all users, set these properties:
User Search Base (in Authentication Properties) = the base context for a search for all users. This is used with the All Users Search Filter and Search Subtree For All Users properties to get a result. For example:
ou=People
Important: | This property is also used to search for users during authentication. Consider both uses before changing its value. |
All Users Search Filter (in Presto Queries) = the search filter, combined with User Search Base that is used to find all user entries. For example:
objectclass=inetOrgPerson
To support wildcard searches and define the sort order for results, you must also define these properties:
Attributes Used in Wildcard Search (in Presto Queries) = a list of LDAP attributes, separated by commas, to search in for wildcard searches. This defaults to:
cn,uid
User Sort By Attribute (in Presto Queries) = the LDAP attribute that should be used to sort the results of wildcard searches. This defaults to:
cn
You must also define these properties so that Admin Console can display minimal user information:
User First Name Attribute (in Presto Queries) = the LDAP attribute that holds users' first names.
User Last Name Attribute (in Presto Queries) = the LDAP attribute that holds users' last names.
User Email Attribute (in Presto Queries) = the LDAP attribute that holds users' email addresses.
5. To enable queries for LDAP groups that can be used to assign Presto permissions:
Group Search Base (in Authorization Properties) = the beginning context, combined with Filter to Find All Groups for Roles to find all LDAP groups that can be used to assign
Presto permissions. For example:
ou=groups
Important: | This property is also used to search for Presto permissions during authorization. Consider both uses before changing its value. |
Filter to Find All Groups for Permissions = the search filter, combined with Group Search Base that is used to find all LDAP groups that may be used to assign
Presto permissions. For example:
objectclass=groupOfUniqueNames